10831484

Return-Oriented Programming (ROP)/Jump Oriented Programming (JOP) Attack Protection

Published: November 10, 2020
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A processor comprising: one or more registers; and an execution core coupled to the one or more registers, wherein the execution core is configured to perform a cryptographic sign operation on a data pointer using a cryptographic key to generate a second data pointer, and wherein the execution core is configured to store the second data pointer to a location, and wherein the execution core is configured to perform an authenticate operation on the second data pointer prior to dereferencing the data pointer to data in memory, wherein the data is operated upon during execution of a subsequent instruction by the execution core, wherein the authenticate operation verifies that the second data pointer has not been changed in the location prior to dereferencing the data pointer.

Plain English Translation

This invention relates to computer processor architecture and addresses the problem of ensuring data integrity and preventing unauthorized modification of data pointers in memory, particularly in the context of cryptographic operations. The processor includes one or more registers and an execution core connected to these registers. The execution core is designed to carry out a cryptographic sign operation. This operation uses a data pointer and a cryptographic key to generate a new, cryptographically signed data pointer. This signed data pointer is then stored in a specific memory location. Crucially, before the processor uses the signed data pointer to access data in memory (a process called dereferencing), the execution core performs an authentication operation on it. This authentication verifies that the signed data pointer has not been altered since it was stored. If the authentication succeeds, the execution core then proceeds to dereference the validated data pointer to access data in memory. This data will subsequently be operated upon during the execution of a later instruction by the same execution core. This mechanism enhances security by ensuring that the data being accessed through a pointer has not been tampered with.

Claim 2

Original Legal Text

2. The processor as recited in claim 1 wherein the location is a memory location.

Plain English Translation

A processor system is designed to manage data access operations, particularly focusing on optimizing performance and security when accessing specific locations. The system includes a processor configured to execute instructions and a memory controller that handles data transfers between the processor and memory. The processor determines whether a requested data access operation involves a protected location, such as a memory location, and enforces access control policies accordingly. If the location is protected, the processor may restrict or modify the operation to prevent unauthorized access or ensure data integrity. The system may also include mechanisms to validate access permissions, log access attempts, or trigger security protocols when protected locations are accessed. This approach enhances security by preventing unauthorized modifications or leaks of sensitive data stored in memory, while also improving performance by reducing unnecessary access checks for non-protected locations. The processor may further include logic to dynamically adjust access control settings based on runtime conditions, such as system load or threat levels, to balance security and efficiency. The overall system ensures that critical data in memory remains secure while maintaining efficient data processing operations.

Claim 3

Original Legal Text

3. The processor as recited in claim 2 wherein the memory location is in a stack in memory.

Plain English Translation

A system and method for managing memory locations in a computing environment, particularly for optimizing memory access and storage efficiency. The invention addresses the challenge of efficiently tracking and accessing memory locations, especially in dynamic memory allocation scenarios where memory usage patterns may change frequently. The system includes a processor configured to determine a memory location for storing data, where the memory location is specifically allocated within a stack in memory. The stack-based memory allocation ensures that memory is managed in a last-in-first-out (LIFO) manner, which simplifies memory management and reduces overhead in certain computing tasks. The processor further includes logic to execute instructions that utilize this stack-based memory location, ensuring that data is stored and retrieved efficiently. The system may also include additional components, such as a memory controller or a cache, to further enhance memory access performance. By leveraging stack memory for specific data storage needs, the invention improves memory management efficiency, reduces fragmentation, and enhances overall system performance in applications where stack-based operations are prevalent, such as function calls, recursive algorithms, or temporary data storage.

Claim 4

Original Legal Text

4. The processor as recited in claim 2 wherein at least a portion of a virtual address of the memory location is an input to the cryptographic sign and the authenticate operations.

Plain English Translation

A system for secure memory access in a computing environment involves a processor configured to perform cryptographic operations on memory addresses to ensure data integrity and authenticity. The processor includes a cryptographic module that generates a cryptographic signature for a memory location using at least a portion of the virtual address of that location as an input. This signature is then used to authenticate the memory location during subsequent access operations. The cryptographic module may also verify the integrity of the memory location by comparing the generated signature with a stored or expected value. The system may further include a memory controller that interacts with the cryptographic module to enforce access policies based on the authentication results. The processor may also include a translation lookaside buffer (TLB) that caches virtual-to-physical address translations and may store cryptographic metadata associated with those translations. The cryptographic operations may be performed using symmetric or asymmetric cryptographic algorithms, depending on the security requirements. This approach enhances security by ensuring that only authorized and unaltered memory accesses are permitted, protecting against tampering and unauthorized access.

Claim 5

Original Legal Text

5. The processor as recited in claim 4 wherein at least a portion of the virtual address is cryptographically combined with the cryptographic key.

Plain English Translation

A system and method for secure memory access control in a computing environment involves a processor configured to manage memory access using cryptographic techniques. The processor includes a memory management unit that translates virtual addresses to physical addresses while incorporating cryptographic operations to enhance security. At least a portion of the virtual address is cryptographically combined with a cryptographic key to generate a secure address or access token. This combination ensures that unauthorized access to memory locations is prevented, as any tampering with the virtual address or key would result in an incorrect physical address translation. The cryptographic combination may involve operations such as encryption, hashing, or other secure transformations to bind the virtual address to the key. The processor may also include additional logic to validate the cryptographic result before allowing memory access, further strengthening security. This approach is particularly useful in environments where memory integrity and confidentiality are critical, such as secure enclaves, trusted execution environments, or systems handling sensitive data. The cryptographic binding of virtual addresses to keys ensures that only authorized processes with the correct key can access specific memory regions, mitigating risks of unauthorized access or data leaks.

Claim 6

Original Legal Text

6. The processor as recited in claim 1 wherein the location is one of the one or more registers.

Plain English Translation

A processor includes a mechanism for accessing and modifying data stored in one or more registers. The processor is designed to address challenges in efficiently managing register-based operations, such as ensuring data integrity, minimizing access latency, and optimizing performance in computing tasks that rely on register storage. The processor includes a control unit that executes instructions to read from or write to the registers, where each register serves as a storage location for temporary data used during computation. The control unit may also include logic for handling register addressing, data alignment, and concurrent access to multiple registers. The processor further includes an arithmetic logic unit (ALU) that performs computations on data retrieved from the registers, with results stored back into the registers for subsequent operations. The system ensures that register access is synchronized with instruction execution to prevent conflicts and maintain data consistency. This design enhances computational efficiency by reducing memory access delays and improving instruction throughput, particularly in applications requiring frequent register manipulation.

Claim 7

Original Legal Text

7. The processor as recited in claim 1 wherein a signature generated from the sign operation is reduced in size replaces a subset of bits of the second data pointer in the location.

Plain English Translation

This invention relates to a processor system that enhances data integrity and security by using cryptographic signatures to validate data pointers. The system addresses the problem of ensuring the authenticity and integrity of data pointers in memory, which are critical for secure and reliable data access. The processor includes a cryptographic module that performs a sign operation to generate a signature from input data. This signature is then reduced in size to fit within a portion of a second data pointer stored in memory. The reduced-size signature replaces a subset of bits of the second data pointer, effectively embedding the signature within the pointer itself. This embedded signature can later be extracted and verified to confirm the integrity and authenticity of the data pointer, preventing unauthorized modifications or tampering. The system ensures that any changes to the data pointer can be detected, enhancing security in applications where data integrity is critical, such as secure memory access, authentication systems, or tamper-proof data storage. The processor may also include additional features, such as a memory interface for accessing the data pointer and a verification module to check the embedded signature against a reference value. This approach reduces the overhead of storing signatures separately while maintaining the ability to verify data pointer integrity efficiently.
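The sign/store/authenticate/dereference sequence of claims 1, 4, 5 and 7, as a software model in C; this is an added example, not code from the patent or from any processor implementation. Assumptions: a 48-bit virtual address with the signature in the 16 upper bits, a splitmix64-style mixer standing in for the hardware's keyed primitive, and all function names, which are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not taken from the claims): the low 48 bits hold the
   virtual address, the 16 otherwise-unused upper bits hold the signature. */
#define VA_BITS 48
#define VA_MASK ((UINT64_C(1) << VA_BITS) - 1)

/* Stand-in for the hardware's keyed primitive: a splitmix64-style mixer.
   It is NOT cryptographically secure; it only makes the model runnable. */
static uint64_t mix64(uint64_t x) {
    x = (x ^ (x >> 30)) * UINT64_C(0xbf58476d1ce4e5b9);
    x = (x ^ (x >> 27)) * UINT64_C(0x94d049bb133111eb);
    return x ^ (x >> 31);
}

/* Claims 4-5: the storage location's virtual address is combined with the
   key. Claim 7: the result is reduced in size (here to 16 bits). */
static uint16_t signature(uint64_t key, uint64_t addr, uint64_t slot_va) {
    uint64_t tweak = mix64(key ^ slot_va);
    return (uint16_t)(mix64(addr ^ tweak) >> 48);
}

/* Sign: the truncated signature replaces the upper bits of the pointer. */
uint64_t ptr_sign(uint64_t key, uint64_t ptr, uint64_t slot_va) {
    uint64_t addr = ptr & VA_MASK;
    return addr | ((uint64_t)signature(key, addr, slot_va) << VA_BITS);
}

/* Authenticate: recompute the signature and compare. The plain address is
   released through *out only on success. Returns 1 on success, 0 on failure. */
int ptr_auth(uint64_t key, uint64_t signed_ptr, uint64_t slot_va, uint64_t *out) {
    uint64_t addr = signed_ptr & VA_MASK;
    if ((uint16_t)(signed_ptr >> VA_BITS) != signature(key, addr, slot_va))
        return 0;
    *out = addr;
    return 1;
}

/* Store path: sign the data pointer, then write the signed value to the slot. */
void store_signed(uint64_t key, uint64_t *slot, const int *p) {
    *slot = ptr_sign(key, (uint64_t)(uintptr_t)p, (uint64_t)(uintptr_t)slot);
}

/* Load path: read the slot and authenticate before any dereference.
   NULL models "preventing dereferencing" on authentication failure. */
const int *load_authenticated(uint64_t key, const uint64_t *slot) {
    uint64_t addr;
    if (!ptr_auth(key, *slot, (uint64_t)(uintptr_t)slot, &addr))
        return NULL;
    return (const int *)(uintptr_t)addr;
}

/* Returns 1 if an untouched signed pointer authenticates and dereferences. */
int roundtrip_ok(uint64_t key) {
    int value = 42;
    uint64_t slot;
    store_signed(key, &slot, &value);
    const int *p = load_authenticated(key, &slot);
    return p == &value && *p == 42;
}

/* Returns 1 if a single flipped bit in the stored value is rejected. */
int corrupted_slot_rejected(uint64_t key) {
    int value = 42;
    uint64_t slot;
    store_signed(key, &slot, &value);
    slot ^= UINT64_C(1) << 50;              /* bit inside the signature field */
    return load_authenticated(key, &slot) == NULL;
}

/* Counts false accepts over 2*n trials on constructed addresses: n pointers
   whose address bits were altered, and n replays of the intact signed pointer
   at a different storage location (the case the claim 4 context input covers). */
unsigned tampered_accepted(uint64_t key, unsigned n) {
    const uint64_t slot = UINT64_C(0x00007ffd12340000);        /* constructed */
    const uint64_t good = ptr_sign(key, UINT64_C(0x0000555500001000), slot);
    unsigned accepted = 0;
    uint64_t out;
    for (unsigned i = 1; i <= n; i++) {
        uint64_t altered = (good & ~VA_MASK) | (((good & VA_MASK) + 8u * i) & VA_MASK);
        accepted += (unsigned)ptr_auth(key, altered, slot, &out);
        accepted += (unsigned)ptr_auth(key, good, slot + 8u * i, &out);
    }
    return accepted;
}

int main(void) {
    const uint64_t key = UINT64_C(0x0123456789abcdef);         /* constructed key */
    printf("round trip authenticated: %d\n", roundtrip_ok(key));
    printf("corrupted slot rejected:  %d\n", corrupted_slot_rejected(key));
    printf("false accepts in 4000 altered/replayed pointers: %u\n",
           tampered_accepted(key, 2000));
    return 0;
}
```

Because the signature is truncated to fit the spare pointer bits, each altered pointer still has roughly a 1 in 2^16 chance of authenticating in this model, which is why the count is reported rather than assumed to be zero.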

Claim 8

Original Legal Text

8. The processor as recited in claim 1 wherein the execution core is configured to execute an instruction defined to perform the cryptographic sign operation.

Plain English Translation

A cryptographic processor includes an execution core designed to perform cryptographic sign operations. The execution core processes instructions that define cryptographic signing, such as generating digital signatures for data authentication. The processor may also include a memory interface for accessing cryptographic keys and data, as well as a control unit to manage instruction execution. The cryptographic sign operation involves applying a private key to data to produce a signature, ensuring data integrity and authenticity. This functionality is critical for secure communications, digital signatures, and authentication protocols. The processor may further support additional cryptographic operations, such as encryption or hashing, to enhance security. The execution core is optimized for efficient cryptographic computations, reducing latency and improving performance in security-sensitive applications. The processor may be integrated into systems requiring secure data processing, such as financial transactions, IoT devices, or blockchain networks. The design ensures compliance with cryptographic standards while maintaining high-speed operation.

Claim 9

Original Legal Text

9. The processor as recited in claim 8 wherein the instruction is a store instruction that is defined to write the second data pointer to memory.

Plain English Translation

A system and method for optimizing memory access operations in a processor involves managing data pointers to improve performance and reduce overhead. The processor includes a memory access unit configured to execute instructions that manipulate data pointers, which are references to memory locations. A key aspect is the use of a store instruction that writes a second data pointer to memory, enabling efficient pointer management and data access. The second data pointer may be derived from a first data pointer, which is obtained from a memory location specified by a base address and an offset. The processor may also include a register file for storing intermediate pointer values and a control unit to coordinate the execution of these operations. This approach reduces the need for multiple memory accesses and simplifies pointer arithmetic, improving overall system efficiency. The invention is particularly useful in applications requiring frequent pointer updates, such as data structure traversal or dynamic memory management.

Claim 10

Original Legal Text

10. The processor as recited in claim 9 wherein the store instruction is a store pair instruction that is defined to write a pair of values to memory.

Plain English Translation

A processor includes a store instruction that writes a pair of values to memory. The processor executes this store pair instruction to transfer two data values from registers to memory locations in a single operation. The instruction specifies a memory address and a register pair, allowing the processor to store the contents of two adjacent registers at consecutive memory locations. This reduces the number of instructions needed to store multiple values, improving efficiency in data transfer operations. The processor may include additional logic to handle alignment requirements, ensuring the values are stored correctly regardless of memory address boundaries. The store pair instruction is particularly useful in applications requiring frequent storage of related data pairs, such as in multimedia processing or vector operations, where performance gains from reduced instruction overhead are significant. The processor may also support other memory operations, including load instructions, to complement the store pair functionality. The design optimizes memory access patterns, minimizing latency and enhancing throughput in data-intensive tasks.

Claim 11

Original Legal Text

11. The processor as recited in claim 1 wherein the execution core is configured to execute an instruction defined to authenticate the second data pointer.

Plain English Translation

A system for secure data processing involves a processor with an execution core that verifies the authenticity of a second data pointer. The processor includes a memory controller to manage data access and an execution core that processes instructions. The execution core is specifically configured to execute an instruction that authenticates the second data pointer, ensuring that the pointer is valid and authorized before use. This authentication process helps prevent unauthorized or corrupted data access, enhancing system security. The execution core may also handle other instructions, such as those related to data manipulation or memory operations, but its ability to authenticate pointers is a key feature. The system is designed to operate in environments where data integrity and security are critical, such as in embedded systems, secure computing, or trusted execution environments. By verifying the authenticity of data pointers, the system reduces the risk of malicious attacks or data corruption, ensuring reliable and secure data processing.

Claim 12

Original Legal Text

12. The processor as recited in claim 11 wherein the instruction is a load instruction that is defined to read the second data pointer from memory.

Plain English Translation

A system and method for optimizing memory access operations in a processor architecture. The invention addresses inefficiencies in data retrieval processes, particularly when handling pointers stored in memory. The system includes a processor configured to execute instructions that manipulate data pointers, with a focus on improving the performance of load operations. The processor is designed to handle a load instruction that reads a second data pointer from memory, where the second data pointer is used to access additional data. The system may also include a memory controller that manages the transfer of data between the processor and memory, ensuring efficient retrieval of the second data pointer. The processor may further include a register file for storing intermediate data and a control unit for coordinating the execution of instructions. The invention aims to reduce latency and improve throughput by optimizing the handling of pointer-based memory accesses, particularly in scenarios where multiple levels of indirection are involved. The system may be implemented in various computing environments, including general-purpose processors, specialized accelerators, or embedded systems, to enhance performance in applications requiring frequent memory access operations.

Claim 13

Original Legal Text

13. The processor as recited in claim 12 wherein the load instruction is a load pair instruction that is defined to read a pair of values from memory.

Plain English Translation

A processor system is designed to optimize memory access operations, particularly for load instructions that retrieve data from memory. The system includes a processor with a load/store unit that executes load instructions to fetch data from memory locations. The load instruction is specifically a load pair instruction, which is configured to read a pair of values from memory in a single operation. This dual-value retrieval enhances efficiency by reducing the number of memory access cycles required compared to separate single-value loads. The processor may include additional components such as a register file to store the retrieved values and a memory management unit to handle address translation and access permissions. The load pair instruction may also support various addressing modes, including register-based addressing, to flexibly specify memory locations. The system ensures that the load pair operation is performed atomically, preventing data corruption during concurrent access. This approach improves performance in applications requiring frequent paired data access, such as multimedia processing or vector operations, by minimizing memory latency and bandwidth usage. The processor may further include error detection mechanisms to validate the integrity of the loaded data.

Claim 14

Original Legal Text

14. A processor comprising: an execution core configured to perform a cryptographic sign operation on an address using a cryptographic key to generate a signed address, wherein the execution core is configured to store the signed address to a location for subsequent use and, prior to the subsequent use of the address in response to the execution core executing a subsequent instruction by dereferencing the address as a data pointer, the execution core is configured to perform an authenticate operation with the cryptographic key on the signed address read from the location, wherein the authenticate operation verifies that the address has not been changed prior to dereferencing the data pointer during execution of the subsequent instruction to obtain data in memory, wherein the data is to be operated upon by the processor during execution of another subsequent instruction by the execution core.

Plain English Translation

A processor includes an execution core that performs cryptographic signing on memory addresses using a cryptographic key to generate signed addresses. These signed addresses are stored for later use. When a subsequent instruction dereferences the address as a data pointer, the execution core first performs an authentication operation using the same cryptographic key to verify the address has not been altered before accessing the data. This ensures data integrity by confirming the address remains unchanged from its original signed state. The authenticated data is then retrieved from memory and processed by the execution core during execution of another instruction. This mechanism prevents unauthorized modifications to memory addresses, enhancing security in memory access operations. The cryptographic operations are integrated into the processor's execution pipeline, allowing seamless verification before data retrieval. This approach is particularly useful in systems requiring secure memory access, such as those handling sensitive or critical data where integrity must be maintained. The processor's design ensures that any tampering with addresses is detected before data is accessed, mitigating potential security risks.

Claim 15

Original Legal Text

15. The processor as recited in claim 14 wherein the data pointer points to a memory location storing data to be operated upon by the execution core in response to execution of the subsequent instruction.

Plain English Translation

A processor system includes a memory and an execution core for processing instructions. The execution core retrieves instructions from the memory and executes them to perform operations on data. A data pointer is used to identify a memory location where the data to be processed is stored. When the execution core executes an instruction, it accesses the data at the memory location indicated by the data pointer. This allows the processor to efficiently locate and operate on the required data without additional addressing steps. The system may also include a control unit that manages the flow of instructions and data between the memory and the execution core. The data pointer can be updated dynamically to point to different memory locations as needed by subsequent instructions, ensuring flexibility in data access. This approach optimizes data retrieval and processing, reducing latency and improving overall performance. The processor may further include mechanisms to handle multiple data pointers or complex memory addressing schemes, enhancing its capability to manage large datasets or multi-threaded operations. The system is particularly useful in high-performance computing environments where rapid data access and processing are critical.

Claim 16

Original Legal Text

16. A method comprising: generating an address of a memory location in a processor, wherein the address is a data pointer to be dereferenced to obtain data to be operated upon by the processor; performing a cryptographic sign operation on the address using a cryptographic key to generate a signed address; detecting an attempt to dereference the data pointer to access the memory location to obtain the data, wherein the data is operated upon responsive to execution of a subsequent instruction in the processor; authenticating the signed address with the cryptographic key responsive to detecting the attempt, wherein the authenticating is performed on the signed address read from a second memory location in response to executing an instruction subsequent to generating the signed address; and preventing dereferencing of the data pointer during execution of the instruction responsive to a failure in authenticating the signed address.

Plain English Translation

This invention relates to memory access security in processors, specifically preventing unauthorized or tampered memory access by cryptographically verifying memory addresses before dereferencing. The problem addressed is ensuring data integrity and preventing malicious access to memory locations by validating address authenticity before operations are performed on the referenced data. The method involves generating a memory address as a data pointer to a location containing data to be processed. A cryptographic sign operation is performed on this address using a cryptographic key, producing a signed address. When an attempt is made to dereference the pointer to access the memory location, the signed address is authenticated using the same cryptographic key. This authentication occurs when the signed address is read from a second memory location during execution of an instruction following the generation of the signed address. If authentication fails, the dereferencing of the pointer is blocked, preventing unauthorized or corrupted data access. This ensures that only properly authenticated addresses can be used to access memory, enhancing security against memory-related attacks.

Claim 17

Original Legal Text

17. The method as recited in claim 16 further comprising permitting dereferencing of the data pointer during execution of the instruction responsive to successfully authenticating the signed address.

Plain English Translation

A method for secure memory access control in computing systems addresses the problem of unauthorized or corrupted memory access, which can lead to security vulnerabilities such as data leaks or system crashes. The method involves verifying the integrity and authenticity of a memory address before allowing access. Specifically, the method includes generating a signed address by cryptographically signing a memory address with a private key, storing the signed address in a memory location, and later retrieving the signed address during execution of an instruction. The method then authenticates the signed address using a corresponding public key to verify its integrity and authenticity. If authentication is successful, the method permits dereferencing of the data pointer associated with the signed address, allowing access to the memory location. This ensures that only properly authenticated memory addresses can be accessed, preventing unauthorized or corrupted memory operations. The method may also include additional security measures, such as validating the signed address against a whitelist of authorized addresses or checking for expiration of the signed address. This approach enhances system security by enforcing strict access control on memory operations.

Claim 18

Original Legal Text

18. The method as recited in claim 17 wherein successfully authenticating the signed address indicates that the address has not been changed in the second memory location.

Plain English Translation

A method for verifying the integrity of a stored address in a memory system involves checking whether the address has been altered. The method includes generating a cryptographic signature for an address stored in a first memory location, storing the signed address in a second memory location, and later retrieving the signed address from the second memory location. The retrieved signed address is then authenticated using the cryptographic signature. If authentication is successful, it confirms that the address in the second memory location has not been modified since it was initially stored. This method ensures data integrity by detecting unauthorized changes to the address. The cryptographic signature may be generated using a private key, and authentication may involve verifying the signature with a corresponding public key. The method is particularly useful in systems where address integrity is critical, such as secure communication protocols or tamper-proof storage systems. The technique prevents unauthorized modifications to addresses, ensuring reliable and secure operations.

Claim 19

Original Legal Text

19. The method as recited in claim 17 wherein the second memory location is in a stack in memory.

Plain English Translation

A method for managing memory in a computing system addresses the challenge of efficiently storing and retrieving data in a structured manner. The method involves writing data to a first memory location and subsequently writing the same data to a second memory location. The second memory location is specifically situated within a stack in memory, which is a region of memory used for temporary storage of data during program execution. The stack operates on a last-in, first-out (LIFO) principle, where the most recently stored data is the first to be retrieved. By storing the data in the stack, the method ensures that the data is easily accessible and can be efficiently managed during runtime. This approach is particularly useful in scenarios where data needs to be temporarily stored and quickly retrieved, such as in function calls, recursive operations, or context switching. The method may also include additional steps, such as reading the data from the second memory location or performing operations on the data stored in the stack. The use of the stack ensures that the data is stored in a structured and organized manner, reducing the risk of memory corruption and improving overall system performance.

Claim 20

Original Legal Text

20. The method as recited in claim 17 wherein the second memory location is a register.

Plain English Translation

A system and method for optimizing data processing in computing devices addresses the inefficiency of traditional memory access techniques, particularly in high-performance applications where latency and bandwidth constraints impact performance. The invention involves a data processing apparatus with a first memory location and a second memory location, where the second memory location is a register. The apparatus includes a processing unit configured to execute instructions that transfer data between the first memory location and the second memory location. The processing unit also performs operations on the data stored in the second memory location, such as arithmetic, logical, or bitwise operations, to enhance computational efficiency. The use of a register as the second memory location ensures low-latency access, reducing the time required for data retrieval and storage. The system may further include a control unit that manages the transfer of data between the memory locations and coordinates the execution of operations by the processing unit. The invention improves processing speed and reduces power consumption by minimizing unnecessary data transfers and leveraging the high-speed access capabilities of registers. This approach is particularly beneficial in applications requiring real-time processing, such as embedded systems, digital signal processing, and high-performance computing.

Patent Metadata

Filing Date

Unknown

Publication Date

November 10, 2020

Inventors

Yannick L. Sierra
Jeffry E. Gonion
Thomas Roche
Jerrold V. Hauck


Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Return-Oriented Programming (ROP)/Jump Oriented Programming (JOP) Attack Protection” (10831484). https://patentable.app/patents/10831484

© 2026 Nomic Interactive Technology LLC. Machine-readable context available at /api/llm-context/10831484. See llms.txt for full attribution policy.
